| 1 | /* |
|---|---|
| 2 | * Copyright (c) 2007-2016, Cameron Rich |
| 3 | * |
| 4 | * All rights reserved. |
| 5 | * |
| 6 | * Redistribution and use in source and binary forms, with or without |
| 7 | * modification, are permitted provided that the following conditions are met: |
| 8 | * |
| 9 | * * Redistributions of source code must retain the above copyright notice, |
| 10 | * this list of conditions and the following disclaimer. |
| 11 | * * Redistributions in binary form must reproduce the above copyright notice, |
| 12 | * this list of conditions and the following disclaimer in the documentation |
| 13 | * and/or other materials provided with the distribution. |
| 14 | * * Neither the name of the axTLS project nor the names of its contributors |
| 15 | * may be used to endorse or promote products derived from this software |
| 16 | * without specific prior written permission. |
| 17 | * |
| 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR |
| 22 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
| 23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
| 24 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
| 25 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF |
| 26 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
| 27 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
| 28 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 29 | */ |
| 30 | #include <stdlib.h> |
| 31 | #include <string.h> |
| 32 | #include <stdio.h> |
| 33 | #include "os_port.h" |
| 34 | #include "ssl.h" |
| 35 | |
| 36 | #ifdef CONFIG_SSL_ENABLE_SERVER |
| 37 | |
| 38 | static const uint8_t g_hello_done[] = { HS_SERVER_HELLO_DONE, 0, 0, 0 }; |
| 39 | static const uint8_t g_asn1_sha256[] = |
| 40 | { |
| 41 | 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, |
| 42 | 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 |
| 43 | }; |
| 44 | |
| 45 | static int process_client_hello(SSL *ssl); |
| 46 | static int send_server_hello_sequence(SSL *ssl); |
| 47 | static int send_server_hello(SSL *ssl); |
| 48 | static int send_server_hello_done(SSL *ssl); |
| 49 | static int process_client_key_xchg(SSL *ssl); |
| 50 | #ifdef CONFIG_SSL_CERT_VERIFICATION |
| 51 | static int send_certificate_request(SSL *ssl); |
| 52 | static int process_cert_verify(SSL *ssl); |
| 53 | #endif |
| 54 | |
| 55 | /* |
| 56 | * Establish a new SSL connection to an SSL client. |
| 57 | */ |
| 58 | EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, long client_fd) |
| 59 | { |
| 60 | SSL *ssl; |
| 61 | |
| 62 | ssl = ssl_new(ssl_ctx, client_fd); |
| 63 | ssl->next_state = HS_CLIENT_HELLO; |
| 64 | |
| 65 | #ifdef CONFIG_SSL_DIAGNOSTICS |
| 66 | if (ssl_ctx->chain_length == 0) |
| 67 | printf("Warning - no server certificate defined\n"); TTY_FLUSH(); |
| 68 | #endif |
| 69 | |
| 70 | return ssl; |
| 71 | } |
| 72 | |
| 73 | /* |
| 74 | * Process the handshake record. |
| 75 | */ |
| 76 | int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len) |
| 77 | { |
| 78 | int ret = SSL_OK; |
| 79 | ssl->hs_status = SSL_NOT_OK; /* not connected */ |
| 80 | |
| 81 | /* To get here the state must be valid */ |
| 82 | switch (handshake_type) |
| 83 | { |
| 84 | case HS_CLIENT_HELLO: |
| 85 | if ((ret = process_client_hello(ssl)) == SSL_OK) |
| 86 | ret = send_server_hello_sequence(ssl); |
| 87 | break; |
| 88 | |
| 89 | #ifdef CONFIG_SSL_CERT_VERIFICATION |
| 90 | case HS_CERTIFICATE:/* the client sends its cert */ |
| 91 | ret = process_certificate(ssl, &ssl->x509_ctx); |
| 92 | |
| 93 | if (ret == SSL_OK) /* verify the cert */ |
| 94 | { |
| 95 | int cert_res; |
| 96 | int pathLenConstraint = 0; |
| 97 | |
| 98 | cert_res = x509_verify(ssl->ssl_ctx->ca_cert_ctx, |
| 99 | ssl->x509_ctx, &pathLenConstraint); |
| 100 | ret = (cert_res == 0) ? SSL_OK : SSL_X509_ERROR(cert_res); |
| 101 | } |
| 102 | break; |
| 103 | |
| 104 | case HS_CERT_VERIFY: |
| 105 | ret = process_cert_verify(ssl); |
| 106 | add_packet(ssl, buf, hs_len); /* needs to be done after */ |
| 107 | break; |
| 108 | #endif |
| 109 | case HS_CLIENT_KEY_XCHG: |
| 110 | ret = process_client_key_xchg(ssl); |
| 111 | break; |
| 112 | |
| 113 | case HS_FINISHED: |
| 114 | ret = process_finished(ssl, buf, hs_len); |
| 115 | disposable_free(ssl); /* free up some memory */ |
| 116 | break; |
| 117 | } |
| 118 | |
| 119 | return ret; |
| 120 | } |
| 121 | |
| 122 | /* |
| 123 | * Process a client hello message. |
| 124 | */ |
| 125 | static int process_client_hello(SSL *ssl) |
| 126 | { |
| 127 | uint8_t *buf = ssl->bm_data; |
| 128 | int pkt_size = ssl->bm_index; |
| 129 | int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE; |
| 130 | int ret = SSL_OK; |
| 131 | |
| 132 | uint8_t version = (buf[4] << 4) + buf[5]; |
| 133 | ssl->version = ssl->client_version = version; |
| 134 | |
| 135 | if (version > SSL_PROTOCOL_VERSION_MAX) |
| 136 | { |
| 137 | /* use client's version instead */ |
| 138 | ssl->version = SSL_PROTOCOL_VERSION_MAX; |
| 139 | } |
| 140 | else if (version < SSL_PROTOCOL_MIN_VERSION) /* old version supported? */ |
| 141 | { |
| 142 | ret = SSL_ERROR_INVALID_VERSION; |
| 143 | #ifdef CONFIG_SSL_DIAGNOSTICS |
| 144 | ssl_display_error(ret); |
| 145 | #endif |
| 146 | goto error; |
| 147 | } |
| 148 | |
| 149 | memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE); |
| 150 | |
| 151 | /* process the session id */ |
| 152 | id_len = buf[offset++]; |
| 153 | if (id_len > SSL_SESSION_ID_SIZE) |
| 154 | { |
| 155 | return SSL_ERROR_INVALID_SESSION; |
| 156 | } |
| 157 | |
| 158 | #ifndef CONFIG_SSL_SKELETON_MODE |
| 159 | ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions, |
| 160 | ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL); |
| 161 | #endif |
| 162 | |
| 163 | offset += id_len; |
| 164 | cs_len = (buf[offset]<<8) + buf[offset+1]; |
| 165 | offset += 3; /* add 1 due to all cipher suites being 8 bit */ |
| 166 | |
| 167 | PARANOIA_CHECK(pkt_size, offset + cs_len); |
| 168 | |
| 169 | /* work out what cipher suite we are going to use - client defines |
| 170 | the preference */ |
| 171 | for (i = 0; i < cs_len; i += 2) |
| 172 | { |
| 173 | for (j = 0; j < NUM_PROTOCOLS; j++) |
| 174 | { |
| 175 | if (ssl_prot_prefs[j] == buf[offset+i]) /* got a match? */ |
| 176 | { |
| 177 | ssl->cipher = ssl_prot_prefs[j]; |
| 178 | goto do_compression; |
| 179 | } |
| 180 | } |
| 181 | } |
| 182 | |
| 183 | /* ouch! protocol is not supported */ |
| 184 | return SSL_ERROR_NO_CIPHER; |
| 185 | |
| 186 | /* completely ignore compression */ |
| 187 | do_compression: |
| 188 | offset += cs_len; |
| 189 | id_len = buf[offset++]; |
| 190 | offset += id_len; |
| 191 | PARANOIA_CHECK(pkt_size, offset + id_len); |
| 192 | |
| 193 | if (offset == pkt_size) |
| 194 | { |
| 195 | /* no extensions */ |
| 196 | goto error; |
| 197 | } |
| 198 | |
| 199 | /* extension size */ |
| 200 | id_len = buf[offset++] << 8; |
| 201 | id_len += buf[offset++]; |
| 202 | PARANOIA_CHECK(pkt_size, offset + id_len); |
| 203 | |
| 204 | // Check for extensions from the client - only the signature algorithm |
| 205 | // is supported |
| 206 | while (offset < pkt_size) |
| 207 | { |
| 208 | int ext = buf[offset++] << 8; |
| 209 | ext += buf[offset++]; |
| 210 | int ext_len = buf[offset++] << 8; |
| 211 | ext_len += buf[offset++]; |
| 212 | PARANOIA_CHECK(pkt_size, offset + ext_len); |
| 213 | |
| 214 | if (ext == SSL_EXT_SIG_ALG) |
| 215 | { |
| 216 | while (ext_len > 0) |
| 217 | { |
| 218 | uint8_t hash_alg = buf[offset++]; |
| 219 | uint8_t sig_alg = buf[offset++]; |
| 220 | ext_len -= 2; |
| 221 | |
| 222 | if (sig_alg == SIG_ALG_RSA && |
| 223 | (hash_alg == SIG_ALG_SHA1 || |
| 224 | hash_alg == SIG_ALG_SHA256 || |
| 225 | hash_alg == SIG_ALG_SHA384 || |
| 226 | hash_alg == SIG_ALG_SHA512)) |
| 227 | { |
| 228 | ssl->sig_algs[ssl->num_sig_algs++] = hash_alg; |
| 229 | } |
| 230 | } |
| 231 | } |
| 232 | else |
| 233 | { |
| 234 | offset += ext_len; |
| 235 | } |
| 236 | } |
| 237 | |
| 238 | /* default is RSA/SHA1 */ |
| 239 | if (ssl->num_sig_algs == 0) |
| 240 | { |
| 241 | ssl->sig_algs[ssl->num_sig_algs++] = SIG_ALG_SHA1; |
| 242 | } |
| 243 | |
| 244 | error: |
| 245 | return ret; |
| 246 | } |
| 247 | |
| 248 | /* |
| 249 | * Send the entire server hello sequence |
| 250 | */ |
| 251 | #if CONFIG_SSL_ENABLE_SERVER |
| 252 | static int send_server_hello_sequence(SSL *ssl) |
| 253 | { |
| 254 | int ret; |
| 255 | |
| 256 | if ((ret = send_server_hello(ssl)) == SSL_OK) |
| 257 | { |
| 258 | #ifndef CONFIG_SSL_SKELETON_MODE |
| 259 | /* resume handshake? */ |
| 260 | if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME)) |
| 261 | { |
| 262 | if ((ret = send_change_cipher_spec(ssl)) == SSL_OK) |
| 263 | { |
| 264 | ret = send_finished(ssl); |
| 265 | ssl->next_state = HS_FINISHED; |
| 266 | } |
| 267 | } |
| 268 | else |
| 269 | #endif |
| 270 | if ((ret = send_certificate(ssl)) == SSL_OK) |
| 271 | { |
| 272 | #ifdef CONFIG_SSL_CERT_VERIFICATION |
| 273 | /* ask the client for its certificate */ |
| 274 | if (IS_SET_SSL_FLAG(SSL_CLIENT_AUTHENTICATION)) |
| 275 | { |
| 276 | if ((ret = send_certificate_request(ssl)) == SSL_OK) |
| 277 | { |
| 278 | ret = send_server_hello_done(ssl); |
| 279 | ssl->next_state = HS_CERTIFICATE; |
| 280 | } |
| 281 | } |
| 282 | else |
| 283 | #endif |
| 284 | { |
| 285 | ret = send_server_hello_done(ssl); |
| 286 | ssl->next_state = HS_CLIENT_KEY_XCHG; |
| 287 | } |
| 288 | } |
| 289 | } |
| 290 | |
| 291 | return ret; |
| 292 | } |
| 293 | |
| 294 | /* |
| 295 | * Send a server hello message. |
| 296 | */ |
| 297 | static int send_server_hello(SSL *ssl) |
| 298 | { |
| 299 | uint8_t *buf = ssl->bm_data; |
| 300 | int offset = 0; |
| 301 | |
| 302 | buf[0] = HS_SERVER_HELLO; |
| 303 | buf[1] = 0; |
| 304 | buf[2] = 0; |
| 305 | /* byte 3 is calculated later */ |
| 306 | buf[4] = 0x03; |
| 307 | buf[5] = ssl->version & 0x0f; |
| 308 | |
| 309 | /* server random value */ |
| 310 | if (get_random(SSL_RANDOM_SIZE, &buf[6]) < 0) |
| 311 | return SSL_NOT_OK; |
| 312 | |
| 313 | memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE); |
| 314 | offset = 6 + SSL_RANDOM_SIZE; |
| 315 | |
| 316 | #ifndef CONFIG_SSL_SKELETON_MODE |
| 317 | if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME)) |
| 318 | { |
| 319 | /* retrieve id from session cache */ |
| 320 | buf[offset++] = SSL_SESSION_ID_SIZE; |
| 321 | memcpy(&buf[offset], ssl->session->session_id, SSL_SESSION_ID_SIZE); |
| 322 | memcpy(ssl->session_id, ssl->session->session_id, SSL_SESSION_ID_SIZE); |
| 323 | ssl->sess_id_size = SSL_SESSION_ID_SIZE; |
| 324 | offset += SSL_SESSION_ID_SIZE; |
| 325 | } |
| 326 | else /* generate our own session id */ |
| 327 | #endif |
| 328 | { |
| 329 | #ifndef CONFIG_SSL_SKELETON_MODE |
| 330 | buf[offset++] = SSL_SESSION_ID_SIZE; |
| 331 | get_random(SSL_SESSION_ID_SIZE, &buf[offset]); |
| 332 | memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE); |
| 333 | ssl->sess_id_size = SSL_SESSION_ID_SIZE; |
| 334 | |
| 335 | /* store id in session cache */ |
| 336 | if (ssl->ssl_ctx->num_sessions) |
| 337 | { |
| 338 | memcpy(ssl->session->session_id, |
| 339 | ssl->session_id, SSL_SESSION_ID_SIZE); |
| 340 | } |
| 341 | |
| 342 | offset += SSL_SESSION_ID_SIZE; |
| 343 | #else |
| 344 | buf[offset++] = 0; /* don't bother with session id in skelton mode */ |
| 345 | #endif |
| 346 | } |
| 347 | |
| 348 | buf[offset++] = 0; /* cipher we are using */ |
| 349 | buf[offset++] = ssl->cipher; |
| 350 | buf[offset++] = 0; /* no compression and no extensions supported */ |
| 351 | buf[3] = offset - 4; /* handshake size */ |
| 352 | return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset); |
| 353 | } |
| 354 | |
| 355 | /* |
| 356 | * Send the server hello done message. |
| 357 | */ |
| 358 | static int send_server_hello_done(SSL *ssl) |
| 359 | { |
| 360 | return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, |
| 361 | g_hello_done, sizeof(g_hello_done)); |
| 362 | } |
| 363 | #endif |
| 364 | |
| 365 | /* |
| 366 | * Pull apart a client key exchange message. Decrypt the pre-master key (using |
| 367 | * our RSA private key) and then work out the master key. Initialise the |
| 368 | * ciphers. |
| 369 | */ |
| 370 | static int process_client_key_xchg(SSL *ssl) |
| 371 | { |
| 372 | uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index]; |
| 373 | int pkt_size = ssl->bm_index; |
| 374 | int premaster_size, secret_length = (buf[2] << 8) + buf[3]; |
| 375 | uint8_t premaster_secret[MAX_KEY_BYTE_SIZE]; |
| 376 | RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx; |
| 377 | int offset = 4; |
| 378 | int ret = SSL_OK; |
| 379 | |
| 380 | if (rsa_ctx == NULL) |
| 381 | { |
| 382 | ret = SSL_ERROR_NO_CERT_DEFINED; |
| 383 | goto error; |
| 384 | } |
| 385 | |
| 386 | /* is there an extra size field? */ |
| 387 | if ((secret_length - 2) == rsa_ctx->num_octets) |
| 388 | offset += 2; |
| 389 | |
| 390 | PARANOIA_CHECK(pkt_size, rsa_ctx->num_octets+offset); |
| 391 | |
| 392 | /* rsa_ctx->bi_ctx is not thread-safe */ |
| 393 | SSL_CTX_LOCK(ssl->ssl_ctx->mutex); |
| 394 | premaster_size = RSA_decrypt(rsa_ctx, &buf[offset], premaster_secret, |
| 395 | sizeof(premaster_secret), 1); |
| 396 | SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex); |
| 397 | |
| 398 | if (premaster_size != SSL_SECRET_SIZE || |
| 399 | premaster_secret[0] != 0x03 || /* must be the same as client |
| 400 | offered version */ |
| 401 | premaster_secret[1] != (ssl->client_version & 0x0f)) |
| 402 | { |
| 403 | /* guard against a Bleichenbacher attack */ |
| 404 | if (get_random(SSL_SECRET_SIZE, premaster_secret) < 0) |
| 405 | return SSL_NOT_OK; |
| 406 | |
| 407 | /* and continue - will die eventually when checking the mac */ |
| 408 | } |
| 409 | |
| 410 | generate_master_secret(ssl, premaster_secret); |
| 411 | |
| 412 | #ifdef CONFIG_SSL_CERT_VERIFICATION |
| 413 | ssl->next_state = IS_SET_SSL_FLAG(SSL_CLIENT_AUTHENTICATION) ? |
| 414 | HS_CERT_VERIFY : HS_FINISHED; |
| 415 | #else |
| 416 | ssl->next_state = HS_FINISHED; |
| 417 | #endif |
| 418 | |
| 419 | ssl->dc->bm_proc_index += rsa_ctx->num_octets+offset; |
| 420 | error: |
| 421 | return ret; |
| 422 | } |
| 423 | |
| 424 | #ifdef CONFIG_SSL_CERT_VERIFICATION |
| 425 | static const uint8_t g_cert_request[] = { HS_CERT_REQ, 0, |
| 426 | 0, 0x0e, |
| 427 | 1, 1, // rsa sign |
| 428 | 0x00, 0x08, |
| 429 | SIG_ALG_SHA256, SIG_ALG_RSA, |
| 430 | SIG_ALG_SHA512, SIG_ALG_RSA, |
| 431 | SIG_ALG_SHA384, SIG_ALG_RSA, |
| 432 | SIG_ALG_SHA1, SIG_ALG_RSA, |
| 433 | 0, 0 |
| 434 | }; |
| 435 | |
| 436 | static const uint8_t g_cert_request_v1[] = { HS_CERT_REQ, 0, 0, 4, 1, 0, 0, 0 }; |
| 437 | |
| 438 | /* |
| 439 | * Send the certificate request message. |
| 440 | */ |
| 441 | static int send_certificate_request(SSL *ssl) |
| 442 | { |
| 443 | if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+ |
| 444 | { |
| 445 | return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, |
| 446 | g_cert_request, sizeof(g_cert_request)); |
| 447 | } |
| 448 | else |
| 449 | { |
| 450 | return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, |
| 451 | g_cert_request_v1, sizeof(g_cert_request_v1)); |
| 452 | } |
| 453 | } |
| 454 | |
| 455 | /* |
| 456 | * Ensure the client has the private key by first decrypting the packet and |
| 457 | * then checking the packet digests. |
| 458 | */ |
| 459 | static int process_cert_verify(SSL *ssl) |
| 460 | { |
| 461 | uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index]; |
| 462 | int pkt_size = ssl->bm_index; |
| 463 | uint8_t dgst_buf[MAX_KEY_BYTE_SIZE]; |
| 464 | uint8_t dgst[MD5_SIZE + SHA1_SIZE]; |
| 465 | X509_CTX *x509_ctx = ssl->x509_ctx; |
| 466 | int ret = SSL_OK; |
| 467 | int offset = 6; |
| 468 | int rsa_len; |
| 469 | int n; |
| 470 | |
| 471 | DISPLAY_RSA(ssl, x509_ctx->rsa_ctx); |
| 472 | |
| 473 | if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+ |
| 474 | { |
| 475 | // TODO: should really need to be able to handle other algorihms. An |
| 476 | // assumption is made on RSA/SHA256 and appears to be OK. |
| 477 | //uint8_t hash_alg = buf[4]; |
| 478 | //uint8_t sig_alg = buf[5]; |
| 479 | offset = 8; |
| 480 | rsa_len = (buf[6] << 8) + buf[7]; |
| 481 | } |
| 482 | else |
| 483 | { |
| 484 | rsa_len = (buf[4] << 8) + buf[5]; |
| 485 | } |
| 486 | |
| 487 | PARANOIA_CHECK(pkt_size, offset + rsa_len); |
| 488 | |
| 489 | /* rsa_ctx->bi_ctx is not thread-safe */ |
| 490 | SSL_CTX_LOCK(ssl->ssl_ctx->mutex); |
| 491 | n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[offset], dgst_buf, |
| 492 | sizeof(dgst_buf), 0); |
| 493 | SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex); |
| 494 | |
| 495 | if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+ |
| 496 | { |
| 497 | if (memcmp(dgst_buf, g_asn1_sha256, sizeof(g_asn1_sha256))) |
| 498 | { |
| 499 | ret = SSL_ERROR_INVALID_KEY; |
| 500 | goto error; |
| 501 | } |
| 502 | |
| 503 | finished_digest(ssl, NULL, dgst); /* calculate the digest */ |
| 504 | if (memcmp(&dgst_buf[sizeof(g_asn1_sha256)], dgst, SHA256_SIZE)) |
| 505 | { |
| 506 | ret = SSL_ERROR_INVALID_KEY; |
| 507 | goto error; |
| 508 | } |
| 509 | } |
| 510 | else // TLS1.0/1.1 |
| 511 | { |
| 512 | if (n != SHA1_SIZE + MD5_SIZE) |
| 513 | { |
| 514 | ret = SSL_ERROR_INVALID_KEY; |
| 515 | goto end_cert_vfy; |
| 516 | } |
| 517 | |
| 518 | finished_digest(ssl, NULL, dgst); /* calculate the digest */ |
| 519 | if (memcmp(dgst_buf, dgst, MD5_SIZE + SHA1_SIZE)) |
| 520 | { |
| 521 | ret = SSL_ERROR_INVALID_KEY; |
| 522 | } |
| 523 | } |
| 524 | |
| 525 | end_cert_vfy: |
| 526 | ssl->next_state = HS_FINISHED; |
| 527 | error: |
| 528 | return ret; |
| 529 | } |
| 530 | |
| 531 | #endif |
| 532 | |
| 533 | #endif |
| 534 |
Generated on 2021-Apr-16 from project MicroPython revision 1.15a
Powered by 
Code Browser 2.1
Generator usage only permitted with license.